package com.gthncz.hello.config;

import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import com.gthncz.hello.service.RoledUserDetailService;

/**
 * 用户身份认证/授权配置
 * @author GT
 * 参考博客 [Spring Security身份认证之UserDetailsService](https://blog.csdn.net/my_learning_road/article/details/79833802)
 * 
 * **进行身份认证的是 AuthenticationManager 接口**, `ProviderManager` 是它的一个默认实现， 
 * 但是它并不处理身份认证，而是将身份认证委托给配置好的 AuthenticationProvider .
 * 
 * +----------------------------------------------------------------------+
 * |            AuthenticationManager                                              |
 * |                     |                                                         |  
 * |                     | 实现                                                    |
 * |                     |                                                         |
 * |                ProviderManager --------委托-------> AuthenticationProvider  |
 * |         -----------|                                          |              |
 * |         |           |                                          | 实现         |
 * |         |           |                                          |              |
 * | AuthenticationProvider  AuthenticationProvider      DaoAuthenticationProvider  |
 * |                                   |                            |              |             
 * |                               检查身份认证                     | 依赖         |
 * |                                   |                      UserDetailService    |
 * |                         ------------------                   |              |
 * |                         |                   |                  |               |
 * |                     Exception        Authentication---对比---UserDetail       |         
 * +-----------------------------------------------------------------------+    
 * 
 * 
 */

@Configuration
@EnableWebSecurity
// @EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	private static final org.slf4j.Logger log = LoggerFactory.getLogger(WebSecurityConfig.class);
	
	public WebSecurityConfig() {
		log.info("WebSecurityConfig constructor.");
	}
	
	@Autowired
	private RoledUserDetailService userDetailsService;
	
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		// super.configure(auth);
		log.info("confugure 1");
		auth.userDetailsService(userDetailsService).passwordEncoder(this.passwordEncoder());
	}
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		log.info("configure 2.");
		http.authorizeRequests().and()
			.formLogin()
				.loginPage("/auth/login")
				.loginProcessingUrl("/auth/form")
				.permitAll(	)
				.and()
			.logout()
				.permitAll();
	}
	
	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}
}
